Adam Shostack  May 26, 2024

Microsoft could fix ransomware by rate limiting createfile(), the api that’s used to open files. Opening files is a crucial step to encrypting or exfiltrating the data, and very few apps need to open a lot of files at once.

I’ve heard that Microsofts reason for not fixing it is … because user experience shouldn’t change because of windows update… https://wandering.shop/@xgranade/112498285644883431

Xandra Granade 🏳️‍⚧️ (@[email protected])

I remember when Windows 10 mail was local only, before a Windows Update made it cloud-only. I remember Edge didn't have built-in ads, before an update put ads everywhere. I remember when the My Documents folder was local-only by default, until a new version of OneDrive pushed it all to the cloud by default. History suggests that this kind of product is too often a wedge to justify more abuse of personal information in the future.

The Wandering Shop
Show threadWowSuchCyber

@adamshostack @xgranade or at the very least, monitor the use of it and block abusers.

In 2015 my company suffered a ransomware attack, a low complexity one: management PA also managed the info@ address, opened an infected word file and left for lunch. By the time my team located the laptop and isolated it, it had infected 400k files in the shares she had access to. 1/2

May 27, 2024 at 6:23amWeb